Ubuntu
resolvconf package

Bug #923685
Comment #25

Comment 25 for bug 923685

Revision history for this message

Thomas Hood (jdthood) wrote on 2012-02-03: Re: New resolver package overwrites manually created resolv.conf on server

#25

We should grep for "dns-nameservers" and not just for "dns-" in step 5 in the algorithm.

The algorithm will still fail in a case like this:

=== /e/n/i ===
auto eth0

iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0

iface foo inet static
dns-nameservers 1.2.3.4
================

In this case the algorithm will fail to link tail to original (and thus, fail to cause /sbin/resolvconf to include the original as the tail of resolv.conf) because it will see a dns-nameservers line in a logical interface even though that logical interface isn't used. Perhaps we should only refrain from linking tail to original due to the presence of a dns-nameservers line if the default mapping is used and the dns-nameservers line found is in a logical interface definition whose name is listed on an "auto" line. That would be safer. (Remember, the consequences of wrongly omitting the link are worse than the consequences of wrongly creating it.)

We can refine the algorithm even further but we will never be able to make it work perfectly under all possible circumstances. I've mentioned the "mapping" and "source" features but there are other ways in which the networking configuration may have been customized by the admin. There's no limit to what people may have put onto "up" lines.

Because we can end up with tail linked to original in cases where it's not appropriate, it is important to minimize the negative consequences of this.

I see one small way of reducing the possible negative impact of an unneeded tail->original. Consider that /sbin/resolvconf composes a resolv.conf file from:

    head
    base + dynamic content, ordered according to /etc/resolvconf/interface-order
    tail

For nameserver addresses it's fine to include them in the tail file because any dynamically added addresses will precede them and thus override them.

For "domain" and "search" lines it's not fine since, according to resolv.conf(5), the last instance wins. Thus a "domain" or "search" line in the original file will always override the dynamic "search" line.

It would thus be better to include "domain" and "search" lines from the original file in the head file and not in the tail file.

What I would propose is that instead of creating a symlink, the installation program splits up the original file into "head-from-original" (containing domain and/or search lines) and "tail-from-original" (including nameserver lines and anything else) and that /sbin/resolvconf builds resolv.conf from

    head
    head-from-original
    base + dynamic content
    tail-from-original
    tail

--
Thomas

We should grep for "dns-nameservers" and not just for "dns-" in step 5 in the algorithm.

The algorithm will still fail in a case like this:

=== /e/n/i ===
auto eth0

iface eth0 inet static
    address 192.168.0.2
    netmask 255.255.255.0

iface foo inet static
    dns-nameservers 1.2.3.4
================

In this case the algorithm will fail to link tail to original (and thus, fail to cause /sbin/resolvconf to include the original as the tail of resolv.conf) because it will see a dns-nameservers line in a logical interface even though that logical interface isn't used.  Perhaps we should only refrain from linking tail to original due to the presence of a dns-nameservers line if the default mapping is used and the dns-nameservers line found is in a logical interface definition whose name is listed on an "auto" line.  That would be safer.  (Remember, the consequences of wrongly omitting the link are worse than the consequences of wrongly creating it.)

We can refine the algorithm even further but we will never be able to make it work perfectly under all possible circumstances.  I've mentioned the "mapping" and "source" features but there are other ways in which the networking configuration may have been customized by the admin.  There's no limit to what people may have put onto "up" lines.

Because we can end up with tail linked to original in cases where it's not appropriate, it is important to minimize the negative consequences of this.

I see one small way of reducing the possible negative impact of an unneeded tail->original.  Consider that /sbin/resolvconf composes a resolv.conf file from:

head
    base + dynamic content, ordered according to /etc/resolvconf/interface-order
    tail

For nameserver addresses it's fine to include them in the tail file because any dynamically added addresses will precede them and thus override them.

For "domain" and "search" lines it's not fine since, according to resolv.conf(5), the last instance wins.  Thus a "domain" or "search" line in the original file will always override the dynamic "search" line.

It would thus be better to include "domain" and "search" lines from the original file in the head file and not in the tail file.

head
    head-from-original
    base + dynamic content
    tail-from-original
    tail

-- 
Thomas

Ubunturesolvconf package

Comment 25 for bug 923685

Ubuntu
resolvconf package